Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Mp-WkL5LfQEHeiEPa89lCqDUb7M.roa
File: Mp-WkL5LfQEHeiEPa89lCqDUb7M.roa (raw, json)
Hash identifier: UWqq/+40L60SyFvJiU3kqY39GvLHdbPEjTuVTxUV+cs=
Subject key identifier: 32:9F:96:90:BE:4B:7D:01:07:7A:21:0F:6B:CF:65:0A:A0:D4:6F:B3
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 019A0AA9FB4E26F5D4756AE40DFA97FE5AAC
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Mp-WkL5LfQEHeiEPa89lCqDUb7M.roa
Signing time: Wed 22 Oct 2025 06:45:03 +0000
ROA not before: Wed 22 Oct 2025 06:45:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 159.148.134.0/24 maxlen: 24
159.148.136.0/24 maxlen: 24
159.148.137.0/24 maxlen: 24
159.148.140.0/24 maxlen: 24
159.148.184.0/24 maxlen: 24
159.148.186.0/24 maxlen: 24
159.148.224.0/24 maxlen: 24
159.148.225.0/24 maxlen: 24
159.148.226.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0a:a9:fb:4e:26:f5:d4:75:6a:e4:0d:fa:97:fe:5a:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Oct 22 06:45:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=329f9690be4b7d01077a210f6bcf650aa0d46fb3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:0f:58:bb:ca:eb:eb:04:11:96:63:bb:2c:ed:
cf:ca:c7:d8:9a:7f:52:41:31:22:ee:82:57:f4:5c:
a0:30:01:a4:38:6d:76:3f:00:eb:2b:91:04:31:f2:
68:4c:14:f8:93:93:c8:a0:c4:25:e8:d8:68:43:a0:
b3:5b:43:c0:dc:ab:98:c2:3f:bb:7e:29:22:a9:d0:
42:7f:3d:96:09:ba:56:81:d4:28:17:1a:d5:be:f6:
56:69:50:a4:74:44:ce:72:83:72:5a:04:df:b0:8e:
52:ed:51:ef:51:d7:d9:97:6c:29:41:5e:54:d3:d2:
52:3e:62:5f:14:f6:7d:71:f1:6f:ce:53:6b:8a:19:
06:eb:29:a8:47:83:c2:2b:5f:e0:a4:ff:94:50:db:
57:c3:a9:3e:b6:23:71:f6:6b:c1:df:2b:7f:ac:ad:
eb:c7:1b:6f:95:8e:70:c2:40:94:c0:83:f6:55:e6:
05:79:72:cb:1d:12:0d:cb:21:5b:26:7b:ba:b5:37:
c9:4c:c8:ea:36:2f:ef:64:a1:ca:9a:2d:f9:5b:f4:
d3:54:3f:28:b6:bf:15:0c:a3:ee:fb:d6:de:b2:f4:
4f:53:e7:2d:2b:e7:33:03:02:7f:9c:fe:27:89:f5:
8e:e3:d0:1a:63:97:bb:9b:3c:fe:83:99:52:65:27:
38:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:9F:96:90:BE:4B:7D:01:07:7A:21:0F:6B:CF:65:0A:A0:D4:6F:B3
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Mp-WkL5LfQEHeiEPa89lCqDUb7M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.148.134.0/24
159.148.136.0/23
159.148.140.0/24
159.148.184.0/24
159.148.186.0/24
159.148.224.0-159.148.226.255
Signature Algorithm: sha256WithRSAEncryption
a9:2c:4a:47:ac:a3:26:bd:fd:ed:20:b2:24:44:8d:a2:35:16:
b3:c7:63:96:01:e9:3b:7b:b5:ad:f6:1e:8a:56:e8:92:e3:39:
e7:dd:2b:05:ca:25:62:b9:b9:94:05:32:1c:24:7b:1e:f4:24:
dc:ed:48:d8:9f:dc:0d:58:81:d7:b7:91:7e:e9:03:e0:89:37:
4e:b9:06:d5:9a:c9:6e:b7:a4:99:dd:a1:9f:e0:e3:fc:a9:a8:
0e:a7:2f:54:da:cd:67:b6:e1:c1:ac:9a:39:f8:1c:75:72:91:
70:d1:55:0e:4d:9e:28:53:8f:2b:89:bf:08:57:2b:38:b6:e0:
f8:01:ec:6d:0d:43:47:e7:3c:7c:f8:8e:5e:47:95:a3:5c:02:
6c:0f:7d:3b:e5:56:5a:bd:a9:ba:bf:87:90:5d:3a:f7:5c:e5:
f9:bf:70:d5:5c:86:98:58:81:14:b7:cc:24:91:39:b1:c4:a2:
c7:bf:2d:2f:5e:cf:2a:a6:c3:48:8e:09:11:5a:f2:89:6c:73:
48:a8:c0:4a:a7:11:bd:1d:7c:9e:9f:37:f7:4a:bd:df:ae:fb:
ae:05:fa:32:4a:0e:7f:03:32:37:fc:b8:01:62:28:fd:4f:6b:
eb:b7:2e:25:32:fc:6b:b1:b7:ac:b3:d9:f8:ef:56:ad:34:41:
1a:0d:b3:c2
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZoKqftOJvXUdWrkDfqX/lqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUxMDIyMDY0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjlmOTY5MGJlNGI3ZDAxMDc3YTIxMGY2YmNmNjUwYWEwZDQ2ZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1g9Yu8rr6wQRlmO7LO3PysfYmn9S
QTEi7oJX9FygMAGkOG12PwDrK5EEMfJoTBT4k5PIoMQl6NhoQ6CzW0PA3KuYwj+7
fikiqdBCfz2WCbpWgdQoFxrVvvZWaVCkdETOcoNyWgTfsI5S7VHvUdfZl2wpQV5U
09JSPmJfFPZ9cfFvzlNrihkG6ymoR4PCK1/gpP+UUNtXw6k+tiNx9mvB3yt/rK3r
xxtvlY5wwkCUwIP2VeYFeXLLHRINyyFbJnu6tTfJTMjqNi/vZKHKmi35W/TTVD8o
tr8VDKPu+9besvRPU+ctK+czAwJ/nP4nifWO49AaY5e7mzz+g5lSZSc43wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDKflpC+S30BB3ohD2vPZQqg1G+zMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvTXAtV2tMNUxmUUVIZWlFUGE4OWxDcURVYjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAn5SGAwQB
n5SIAwQAn5SMAwQAn5S4AwQAn5S6MAwDBAWflOADBACflOIwDQYJKoZIhvcNAQEL
BQADggEBAKksSkesoya9/e0gsiREjaI1FrPHY5YB6Tt7ta32HopW6JLjOefdKwXK
JWK5uZQFMhwkex70JNztSNif3A1Ygde3kX7pA+CJN065BtWayW63pJndoZ/g4/yp
qA6nL1TazWe24cGsmjn4HHVykXDRVQ5NnihTjyuJvwhXKzi24PgB7G0NQ0fnPHz4
jl5HlaNcAmwPfTvlVlq9qbq/h5BdOvdc5fm/cNVchphYgRS3zCSRObHEose/LS9e
zyqmw0iOCRFa8olsc0iowEqnEb0dfJ6fN/dKvd+u+64F+jJKDn8DMjf8uAFiKP1P
a+u3LiUy/Guxt6yz2fjvVq00QRoNs8I=
-----END CERTIFICATE-----
Generated at Tue Nov 4 15:03:54 2025 by rpki-client